CEO DailyCFO DailyBroadsheetData SheetTerm Sheet

Apple’s unholy compromises in China

May 18, 2021, 5:15 PM UTC

This is the web version of Data Sheet, a daily newsletter on the business of tech. Sign up to get it delivered free to your inbox. 

Apple—the world’s most valuable company and self-styled privacy vanguard against the encroachments of Big Tech—is capitulating to the demands of the Chinese government in order to preserve its lucrative business there.

The New York Times yesterday published a meaty investigation into Apple’s Beijing-placating data policies. After a Chinese cybersecurity law came into effect in 2017, Apple started storing customer iCloud data—spanning emails, contacts, photos, and geolocation—on computer servers in China and handled by Chinese state employees. The iPhone-maker is also aggressively and proactively censoring apps and other content that might displease Chinese regulators in the Chinese version of its App Store.

Some of the details of the story are technical, but they are critical to understanding the costs of doing business in China. One issue concerns iCloud encryption keys, the password-like codes that protect people’s cloud-hosted data from prying eyes. Originally, the keys were stored abroad, but eventually Apple was forced to house the keys inside China, the Times reports. The move potentially makes it easier for the Chinese government to access people’s Apple data.

Another (star-studded) red flag: Apple recently tweaked its user agreement to give a third party—Guizhou-Cloud Big Data, or GCBD—legal ownership of Chinese customers’ iCloud data. The arrangement is effectively “a legal shield from American law,” which could otherwise prevent Apple from handing over sensitive data to the Chinese government, the newspaper reports.

One fascinating point highlighted by Matthew Green, a cryptography professor at Johns Hopkins University, involves a technical stipulation by Beijing. China apparently insisted that Apple not use its ordinary equipment for protecting encryption keys: hardware security modules developed by the French company Thales. The devices are standard across the cybersecurity industry.

The proviso raises an obvious question: Why doesn’t China allow Thales’s tech? Is it because China believes the company’s modules aren’t safe and secure enough, implying that hackers and spies can potentially undermine them? Or is it because the equipment is deemed too safe and secure, meaning the Chinese government believes it is too difficult to break into them to extract secrets? Or, could this just be a bit of techno-nationalism, a general rejection of tech designed by a foreign firm and generally embraced by the western world? (Although, why, then, allow Apple to operate in China in the first place?)

The answers are unclear, but the Times leans heavily toward option No. 2. The story notes that Apple’s solution involved whipping up its own key-storing device using a combination of old iOS software and low-cost Apple TV hardware. Cybersecurity researchers regard China as a haven for iPhone “jailbreakers,” hackers who specialize in burrowing deep into the innards of Apple’s software, suggesting China sought to break into these new key-containers.

Apple, for its part, contends that it has not weakened security abroad and that it is merely trying to create “the best user experience without violating the rules we are obligated to follow.” The company said in a statement published by the Times that it “never compromised the security of our users or their data in China or anywhere we operate.” The firm added that its Chinese data centers “feature our very latest and most sophisticated protections.”

China accounts for $55 billion worth of Apple’s revenues, a fifth of the company’s worldwide total. That’s a significant chunk of Apple’s business—a share the company will, as any capitalist enterprise would, fight to protect and grow. And that means it must play by Beijing’s rules.

Robert Hackett
Twitter: @rhhackett
robert.hackett@fortune.com

NEWSWORTHY

IO on the prize. Kicking off at 1 PM ET today, Google's IO 2021 developer conference will be live-streamed on YouTube. As Aaron noted yesterday, we're expecting the debut of Android 12, plus possible announcements related to new Pixel Buds earbuds and a Pixel 5A phone. Meanwhile, Mark Gurman at Bloomberg has the skinny on Apple's planned revamp of its Mac laptops and desktops.

Whose Team are you on? Better late than never: Microsoft Teams has rolled out a new teleconferencing option as a free tier for "personal" use. Until further notice, the product is offering group calls involving up to 300 people for 24 hours. Whenever that deal expires, the company says it will still offer 100-person meetings that can last up to an hour, besting Zoom's 40-minute limit. 

Parler is French for "Give me my freaking Cola." Right wing-friendly social media app Parler is back on Apple's App Store. The company has a new CEO too: George Farmer, a prominent U.K. conservative who has replaced interim CEO Mark Meckler. The executive team says the app has new community guidelines that will prevent it from being abused as a tool for crime.

Pin the tail on the donkey. After settling a major gender discrimination lawsuit, Pinterest has vowed to add more female executives and workers of color to its ranks. The company said it has already achieved pay equity across its U.S. workforce, but it still wants to boost diversity in its new hires. And Pinterest, like everyone else, is out with its own version of a TikTok clone

Dumps like a truck. Cryptocurrency prices are largely down across the board—wiping out half a trillion dollars from last week's peak. Some people are blaming Elon Musk's provocative tweets. Perhaps this indicates a teetering into the "dump" part of the pump-and-dump equation. That's not before Darkside, the group behind the Colonial Pipeline hack, made off with $90 million in Bitcoin ransomware payments

Shaken, not stirred. AT&T is offloading its media properties, as Aaron noted yesterday. But Amazon is taking the opposite approach. The e-commerce behemoth is in talks to buy MGM, the movie studio that owns James Bond, Survivor and other franchises. 

Harry Potter but American.

FOOD FOR THOUGHT

Fortune's Michal-Lev-Ram has the first-ever magazine profile of Alfred Lin, a partner at Sequoia Capital who backed companies behind some of the biggest IPOs of the past year, including Airbnb and Doordash. Lin was a good friend and former business partner of Tony Hsieh, the Zappos founder who died in a house fire last November. The duo's history began with selling pizza at Harvard.

Lin has never participated in an in-depth profile; this is his first. But he sat down with me twice, once in Sequoia’s office and once over Zoom, and was willing to talk openly about the wild ride he has been on in recent months, the record financial gains and deep personal loss. He agreed to talk about the impact Hsieh’s unexpected death had on him, and what he learned from his late partner and friend. And he was open, though definitely not boastful, about the part he played in Sequoia’s exceptionally fruitful 2020.

IN CASE YOU MISSED IT

The Gojek-Tokopedia merger will create Indonesia’s most powerful Internet company. But can “GoTo” hold its own? By Clay Chandler and Eamon Barrett

California opens probe into whether Tesla’s ‘full self-driving’ option is the real deal, or an exaggerated claim by Tom Krisher and Stefanie Dazio

‘Big Short’ Burry makes massive bet against Tesla, Musk by Jeremy Herron and Elena Popina

How Twilio powers trillions of nearly invisible interactions by Sheryl Estrada

AT&T’s Warner Media debacle broke the two most fundamental principles of M&A strategy by Geoff Colvin

Some of these stories require a subscription to access.Thank you for supporting our journalism.

BEFORE YOU GO

Degenerate gambler and media magnate Dave Portnoy said yesterday that he put $40,000 into a cryptocurrency called Safemoon. In the video announcement—captioned "My shitcoin announcement. Invest at your own risk. I have no idea how this works"—he tells people "If it is a Ponzi, get in on the groundfloor." It's not great advice. Anyway, here's what we know about Safemoon.

Our mission to make business better is fueled by readers like you. To enjoy unlimited access to our journalism, subscribe today.